Privacy Policy

1. Introduction

This Privacy Policy outlines how DocLink (Private) Limited ("DocLink", "we", "our", or "us") collects, uses, stores, and protects personal and professional information of doctors ("Users" or "you") who use the DocLink Mobile Application and its related services.

DocLink is committed to maintaining the confidentiality, integrity, and security of your personal information in compliance with applicable laws, including the Personal Data Protection Act, No. 9 of 2022 (Sri Lanka), and relevant international data protection standards.

By using the DocLink application, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Scope of Application

This Privacy Policy applies exclusively to the DocLink Doctor Application, designed for medical professionals in Sri Lanka. The current version of DocLink is intended only for doctors and does not include patient or hospital access. Future updates may expand the platform's functionality; such changes will be governed by revised versions of this policy.

3. Information We Collect

We collect the following categories of data from users to enable secure and efficient operation of the DocLink platform:

4. How We Use the Collected Information

DocLink uses your information solely for legitimate business purposes, including:

1. User Account Management: To create, verify, and manage your DocLink account.
2. Platform Operation: To facilitate doctor-side functionalities such as income tracking, document uploads, and financial summaries.
3. Verification: To verify the authenticity of professional credentials and practice locations.
4. Payment Processing: To process payments and settlements through our third-party payment partner, PayHere (Pvt) Ltd.
5. Analytics and Improvement: To analyze system performance, enhance features, and improve user experience.
6. Compliance and Legal Obligations: To comply with legal requirements, taxation standards, and audit requests.
7. Security and Fraud Prevention: To detect and prevent unauthorized access or fraudulent activity.

5. Data Storage and Retention

• All collected data is securely stored on Amazon Web Services (AWS) servers located within compliant jurisdictions that adhere to industry-grade data protection standards.
• Personal and financial data will be retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
• Users may request data deletion, subject to regulatory retention obligations.

6. Data Security

DocLink employs advanced administrative, technical, and physical safeguards to ensure data protection, including:

• Secure Socket Layer (SSL) encryption during data transmission.
• Controlled access with multi-factor authentication for internal systems.
• Regular system audits and vulnerability assessments.
• Restricted data access based on user roles and authorization.

Despite these measures, no method of transmission or storage is completely secure. Users are advised to maintain the confidentiality of their credentials.

7. Third-Party Service Providers

DocLink engages limited third-party services necessary for the operation of the platform. These include:

• Payment Gateway: PayHere (Pvt) Ltd., for payment collection and settlement processing conducted through the doclink web portal.
• Cloud Infrastructure: Amazon Web Services (AWS), for secure data storage and hosting.

These service providers are bound by contractual obligations to maintain data confidentiality and comply with applicable privacy regulations. No third-party analytics, marketing, or tracking tools are integrated into the current version of the DocLink app.

8. Disclosure of Information

DocLink does not sell, rent, or trade any user data. However, we may disclose your information under the following limited circumstances:

• To comply with legal or regulatory obligations or government requests.
• To protect the rights, property, or safety of DocLink, its users, or the public.
• To third-party partners solely for payment processing or data hosting, bound by confidentiality agreements.

9. User Rights

You have the following rights regarding your data:

1. Right to Access: Request a copy of your personal data stored by DocLink.
2. Right to Rectification: Request correction of inaccurate or incomplete data.
3. Right to Erasure: Request deletion of your data, subject to legal obligations.
4. Right to Restrict Processing: Limit certain uses of your personal information.
5. Right to Withdraw Consent: Withdraw consent where processing is based on prior authorization.

To exercise these rights, don't hesitate to get in touch with our Data Protection Officer via the contact details provided in Section 13.

10. International Data Transfers

DocLink primarily operates within Sri Lanka; however, data may be processed or stored in foreign jurisdictions (via AWS) that maintain equivalent data protection standards. By using the application, you consent to such lawful data transfers.

11. Children's Privacy

DocLink services are strictly intended for registered medical professionals. We do not knowingly collect or process data from individuals under 18 years of age.

12. Updates to This Policy

DocLink reserves the right to update this Privacy Policy at any time. Any material changes will be notified via in-app notice or email. Continued use of the app after changes indicates acceptance of the revised policy.

13. Contact Information

For questions, complaints, or data-related requests, please contact:

14. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Democratic Socialist Republic of Sri Lanka. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of Sri Lanka.